CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-12992
High

A server-side request forgery (SSRF) vulnerability was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import locations, causing the registry to issue HTTP requests to arbitrary internal URLs.

CVE-2026-12975
High

A flaw was found in Apicurio Registry where the ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthenticated when the registry runs with default configuration) can upload a crafted XML document to trigger blind server-side request forgery (SSRF) via external DTD/entity fetch, or cause denial of service via entity expansion.

CVE-2026-11800
High

A flaw was found in Keycloak where JWT algorithm confusion in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens and impersonate any federated user linked to the affected Identity Provider.

CVE-2026-11703
High

The vulnerability involves missing SNI/ALPN binding on stateful (session-ID) resumption, allowing a cached session to be resumed under a different SNI/ALPN than originally negotiated. Where client-authentication policy differs across virtual hosts, this could carry the cached peer-authentication state into an unintended context.

CVE-2026-10098
Medium

A vulnerability in the wolfSSL_OCSP_resp_find_status function of the wolfSSL library causes serial number comparison in OCSP responses to not require equal length. This allows a SingleResponse for a certificate whose serial is a prefix of the target's serial to be incorrectly matched, returning the wrong certificate's revocation status.

CVE-2025-71340
High

The vulnerability in picklescan up to version 0.0.26 inclusive fails to detect malicious pickle files that use the `idlelib.pyshell.ModifiedInterpreter.runcode` method in the `__reduce__` function. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via `pickle.load()`, enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.

CVE-2025-71338
Critical

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.

CVE-2025-71336
Critical

Flowise before version 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature. An attacker can send a crafted JSON payload with the header 'x-request-from: internal' to the /api/v1/node-load-method/customMCP endpoint to execute arbitrary OS commands, leading to complete compromise of the platform container or server.

CVE-2025-71335
High

Flowise before version 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the legitimate user even after the user rotates their credentials.

CVE-2025-71334
CriticalEPSS 54%

Flowise before version 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value (e.g., '../../../../../tmp') as the chatflow id, an unauthenticated attacker can use the /api/v1/chatflows endpoint (via addBase64FilesToStorage) to write arbitrary files, and the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints (via streamStorageFile) to read arbitrary files. Arbitrary file write may lead to remote code execution.

CVE-2025-71333
Critical

Flowise through version 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially enabling remote code execution and server compromise.

CVE-2025-71328
High

Flowise before version 3.0.10 has an unverified password change vulnerability. An authenticated user can change their password without providing the current password, allowing an attacker who hijacks a session to take over the account.

CVE-2025-71327
Critical

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.

CVE-2025-71324
High

Flowise before version 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is evaluated after the storage-directory containment check, allowing path traversal beyond the intended storage directory. Unauthenticated attackers can read sensitive files such as /root/.flowise/database.sqlite, exposing all database content in the default configuration.

CVE-2021-47987
High

The vulnerability concerns a supply chain incident in Parse Server before version 4.10.0, where incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it defined a git-based dependency referencing one of the affected tags (e.g., parse-server#4.9.3). The code behind the tags was not reviewed or approved, and although no malicious code was identified, the introduction of security vulnerabilities could not be ruled out.

CVE-2021-47986
High

A vulnerability in Parse Server before version 4.10.0 stems from incorrect version tags pushed to the repository, pointing to unreviewed code from a personal fork. Attackers could exploit these tags in dependency declarations to execute unreviewed and potentially malicious code.

CVE-2020-37256
Medium

Grav before version 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access.

CVE-2026-6731
High

Vulnerability allows bypassing X.509 name constraints via the Subject Common Name treated as a DNS-type name. A certificate whose CN violates an issuing CA's DNS name constraints could be accepted.

CVE-2026-6681
Medium

In the PKCS#7 decode path of the wolfSSL library, the caller-supplied output buffer size (outputSz) is ignored, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL version 5.9.0 and earlier, and was fixed in release 5.9.1.

CVE-2026-6679
High

A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun.

PreviousPage 227 of 4630Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS